Security training basics: What every employee should know

For some companies, security training is a minor component during the new-hire training process, probably sandwiched between health insurance choices and vacation time information.

But given the speed with which a company can be taken down by an internal threat, security training deserves much more prominence than it usually gets.

A 2013 report by cyber protection firm Clearswift noted that 58 percent of security incidents came from within an extended enterprise, which means employees, ex-employees, and trusted partners. Some of the incidents may have been intentional, but the report said the majority were likely a result of poor business processes or accidental errors.

Real-life examples

People tend to learn from their own mistakes, but also from the mistakes made by others. Simply saying, "Don't open suspicious emails" isn't quite enough to emphasize the consequences that could occur if a click-happy employee lets a virus loose into the system.

Instead, give examples of what happened at companies where phishing emails were opened or where unprotected devices were left in bars or cabs. Talk about social engineering attacks and what they involve, why password management protection matters, and why employees shouldn't download games and apps onto company machines.

spend lots of money promoting themselves on social media, so free mentions by employees on Facebook, Twitter and other networks are a good thing, right? Maybe not. Such postings, even when well-intentioned, can pose security and other risks for your firm. Here are some things that can go wrong, and some tips on setting your policy.

Many businesses grant subcontractors client access into their systems for all types of reasons, from file sharing to accounts payable functions. If systems aren't locked down, a small company can be opening itself to major security concerns.

For more effective data security, experts often recommend the implementation of a security policy so employees, clients and subcontractors can understand their roles and responsibilities. Unfortunately, the reality is that a security policy tends to be one more boilerplate document that doesn't get read, much less followed.